[SCM] Samba Shared Repository - branch v3-6-test updated

Karolin Seeger kseeger at samba.org
Mon Oct 15 03:37:58 MDT 2012


The branch, v3-6-test has been updated
       via  0745ce0 Remove useless bool "upper_case_domain" parameter from ntv2_owf_gen().
       via  39e5641 Remove useless bool "upper_case_domain" parameter. (cherry picked from commit cbdf6c5c5135ce7d14ceff5d12b99428f4285e13)
       via  fc4f4de Move uppercasing the domain out of smb_pwd_check_ntlmv2()
      from  e96f50c s3-libsmb: Initialise ticket to ensure we do not invalid memory

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit 0745ce013878f5c45f291bea2fa479f76fc08dd5
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Aug 23 16:02:09 2012 -0700

    Remove useless bool "upper_case_domain" parameter from ntv2_owf_gen().
    
    The code in SMBNTLMv2encrypt_hash() should not be requesting case
    changes on the domain name.
    (cherry picked from commit c47183b337d996640f009d133d47f90c153acd56)
    
    The last 3 patches address bug #9117 - smbclient can't connect to a Windows 7
    server using NTLMv2 (crypto code changes domain case).

commit 39e5641f2a8a48817492c9d5204ffbeccf66f8ec
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Aug 23 15:59:54 2012 -0700

    Remove useless bool "upper_case_domain" parameter. (cherry picked from commit cbdf6c5c5135ce7d14ceff5d12b99428f4285e13)

commit fc4f4dec062e48cd59df4df2bd13c263732f2ac5
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Aug 23 15:46:16 2012 -0700

    Move uppercasing the domain out of smb_pwd_check_ntlmv2()
    
    Allows us to remove a silly bool parameter.
    
    Based on work done by "Blohm, Guntram (I/FP-37, extern)" <extern.guntram.blohm at audi.de>.
    (cherry picked from commit 43870fb2c83c0fc70fb84b48dffe8f93bacf43c9)

-----------------------------------------------------------------------

Summary of changes:
 libcli/auth/ntlm_check.c |   41 +++++++++++++++++++++--------------------
 libcli/auth/proto.h      |    1 -
 libcli/auth/smbencrypt.c |   11 +----------
 3 files changed, 22 insertions(+), 31 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c
index da16ce2..74787a4 100644
--- a/libcli/auth/ntlm_check.c
+++ b/libcli/auth/ntlm_check.c
@@ -87,7 +87,6 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx,
 				 const uint8_t *part_passwd,
 				 const DATA_BLOB *sec_blob,
 				 const char *user, const char *domain,
-				 bool upper_case_domain, /* should the domain be transformed into upper case? */
 				 DATA_BLOB *user_sess_key)
 {
 	/* Finish the encryption of part_passwd. */
@@ -122,7 +121,7 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx,
 	   but for NTLMv2 it is meant to contain the current time etc.
 	*/
 
-	if (!ntv2_owf_gen(part_passwd, user, domain, upper_case_domain, kr)) {
+	if (!ntv2_owf_gen(part_passwd, user, domain, kr)) {
 		return false;
 	}
 
@@ -161,7 +160,6 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx,
 				const uint8_t *part_passwd,
 				const DATA_BLOB *sec_blob,
 				const char *user, const char *domain,
-				bool upper_case_domain, /* should the domain be transformed into upper case? */
 				DATA_BLOB *user_sess_key)
 {
 	/* Finish the encryption of part_passwd. */
@@ -192,7 +190,7 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx,
 
 	client_key_data = data_blob_talloc(mem_ctx, ntv2_response->data+16, ntv2_response->length-16);
 
-	if (!ntv2_owf_gen(part_passwd, user, domain, upper_case_domain, kr)) {
+	if (!ntv2_owf_gen(part_passwd, user, domain, kr)) {
 		return false;
 	}
 
@@ -297,6 +295,14 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 {
 	const static uint8_t zeros[8];
 	DATA_BLOB tmp_sess_key;
+	const char *upper_client_domain = NULL;
+
+	if (client_domain != NULL) {
+		upper_client_domain = talloc_strdup_upper(mem_ctx, client_domain);
+		if (upper_client_domain == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
 
 	if (stored_nt == NULL) {
 		DEBUG(3,("ntlm_password_check: NO NT password stored for user %s.\n", 
@@ -348,13 +354,13 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 		/* We have the NT MD4 hash challenge available - see if we can
 		   use it 
 		*/
-		DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with domain [%s]\n", client_domain));
+		DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with domain [%s]\n",
+			client_domain ? client_domain : "<NULL>"));
 		if (smb_pwd_check_ntlmv2(mem_ctx,
 					 nt_response, 
 					 stored_nt->hash, challenge, 
 					 client_username, 
 					 client_domain,
-					 false,
 					 user_sess_key)) {
 			if (user_sess_key->length) {
 				*lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
@@ -362,13 +368,13 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 			return NT_STATUS_OK;
 		}
 
-		DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [%s]\n", client_domain));
+		DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [%s]\n",
+			upper_client_domain ? upper_client_domain : "<NULL>"));
 		if (smb_pwd_check_ntlmv2(mem_ctx,
 					 nt_response, 
 					 stored_nt->hash, challenge, 
 					 client_username, 
-					 client_domain,
-					 true,
+					 upper_client_domain,
 					 user_sess_key)) {
 			if (user_sess_key->length) {
 				*lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
@@ -382,7 +388,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 					 stored_nt->hash, challenge, 
 					 client_username, 
 					 "",
-					 false,
 					 user_sess_key)) {
 			if (user_sess_key->length) {
 				*lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
@@ -470,13 +475,13 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 	/* This is for 'LMv2' authentication.  almost NTLMv2 but limited to 24 bytes.
 	   - related to Win9X, legacy NAS pass-though authentication
 	*/
-	DEBUG(4,("ntlm_password_check: Checking LMv2 password with domain %s\n", client_domain));
+	DEBUG(4,("ntlm_password_check: Checking LMv2 password with domain %s\n",
+		client_domain ? client_domain : "<NULL>"));
 	if (smb_pwd_check_ntlmv2(mem_ctx,
 				 lm_response, 
 				 stored_nt->hash, challenge, 
 				 client_username,
 				 client_domain,
-				 false,
 				 &tmp_sess_key)) {
 		if (nt_response->length > 24) {
 			/* If NTLMv2 authentication has preceeded us
@@ -488,7 +493,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 					    stored_nt->hash, challenge, 
 					    client_username,
 					    client_domain,
-					    false,
 					    user_sess_key);
 		} else {
 			/* Otherwise, use the LMv2 session key */
@@ -500,13 +504,13 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_OK;
 	}
 
-	DEBUG(4,("ntlm_password_check: Checking LMv2 password with upper-cased version of domain %s\n", client_domain));
+	DEBUG(4,("ntlm_password_check: Checking LMv2 password with upper-cased version of domain %s\n",
+		upper_client_domain ? upper_client_domain : "<NULL>"));
 	if (smb_pwd_check_ntlmv2(mem_ctx,
 				 lm_response, 
 				 stored_nt->hash, challenge, 
 				 client_username,
-				 client_domain,
-				 true,
+				 upper_client_domain,
 				 &tmp_sess_key)) {
 		if (nt_response->length > 24) {
 			/* If NTLMv2 authentication has preceeded us
@@ -517,8 +521,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 					    nt_response, 
 					    stored_nt->hash, challenge, 
 					    client_username,
-					    client_domain,
-					    true,
+					    upper_client_domain,
 					    user_sess_key);
 		} else {
 			/* Otherwise, use the LMv2 session key */
@@ -536,7 +539,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 				 stored_nt->hash, challenge, 
 				 client_username,
 				 "",
-				 false,
 				 &tmp_sess_key)) {
 		if (nt_response->length > 24) {
 			/* If NTLMv2 authentication has preceeded us
@@ -548,7 +550,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 					    stored_nt->hash, challenge, 
 					    client_username,
 					    "",
-					    false,
 					    user_sess_key);
 		} else {
 			/* Otherwise, use the LMv2 session key */
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index 34a0052..11b720d 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -109,7 +109,6 @@ bool E_deshash(const char *passwd, uint8_t p16[16]);
 void nt_lm_owf_gen(const char *pwd, uint8_t nt_p16[16], uint8_t p16[16]);
 bool ntv2_owf_gen(const uint8_t owf[16],
 		  const char *user_in, const char *domain_in,
-		  bool upper_case_domain, /* Transform the domain into UPPER case */
 		  uint8_t kr_buf[16]);
 void SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t p24[24]);
 void SMBNTencrypt_hash(const uint8_t nt_hash[16], uint8_t *c8, uint8_t *p24);
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index ed1172b..e0326d4 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -168,7 +168,6 @@ void nt_lm_owf_gen(const char *pwd, uint8_t nt_p16[16], uint8_t p16[16])
 /* Does both the NTLMv2 owfs of a user's password */
 bool ntv2_owf_gen(const uint8_t owf[16],
 		  const char *user_in, const char *domain_in,
-		  bool upper_case_domain, /* Transform the domain into UPPER case */
 		  uint8_t kr_buf[16])
 {
 	smb_ucs2_t *user;
@@ -198,14 +197,6 @@ bool ntv2_owf_gen(const uint8_t owf[16],
 		return false;
 	}
 
-	if (upper_case_domain) {
-		domain_in = strupper_talloc(mem_ctx, domain_in);
-		if (domain_in == NULL) {
-			talloc_free(mem_ctx);
-			return false;
-		}
-	}
-
 	ret = push_ucs2_talloc(mem_ctx, &user, user_in, &user_byte_len );
 	if (!ret) {
 		DEBUG(0, ("push_uss2_talloc() for user failed)\n"));
@@ -474,7 +465,7 @@ bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx,
 	   the username and domain.
 	   This prevents username swapping during the auth exchange
 	*/
-	if (!ntv2_owf_gen(nt_hash, user, domain, true, ntlm_v2_hash)) {
+	if (!ntv2_owf_gen(nt_hash, user, domain, ntlm_v2_hash)) {
 		return false;
 	}
 


-- 
Samba Shared Repository


More information about the samba-cvs mailing list